OK, Spaghetti Knight, yes I used CAPS and can see what you mean that it sounds like the propaganda we get educated about. (That doesn't mean it is wrong, even if true) But ya just gotta love where it says " When you are on the Internet you might as well be writing for the front page of an international newspaper."
Please consider that I am just recoiling to the level of insecurity I am discovering. I do not work for the government. I'm a dad who would be horrified to think my kids might think this could protect them from the law so they might feel safe doing things they shouldn't do in the first place. I do have a lot of experience in computer security. I'm not a n00b, but am absolutely brand-new to Tor. I actually want to just see how this all works. I know this was developed for the Navy. And with just a bit of redesign it could actually be made secure. But if I lived in China I sure as hell wouldn't want to trust this public version to keep me safe from the consequences of criticizing the government.
But this isn't about me. If it was, I would show you a picture of the Tor Archway, "das Tor"
But I do hope you all will comment further about my actual points about the flaws in the system. Like the lack of server-side encryption.
And I do see Tor Hacker's point. But my original assertion is about the complexity of being traced. If they know the entry point and the exit node sends it out unencrypted, the middle hop then is the ONLY unknown, if they're watching you. My point is that it constrains the unknowns they have to deal with. It would be much better if it were a random number of hops, I'd say.
This was just my first impressions! And look at what happened to the Silk Road guy. I don't know if someone ratted him out, or if he just got too big, but in the end they put him in a very bad place, forever. Maybe it really was just because he used the Captcha service. I can see that being a problem. And that leads to a whole host of other issues, like using systems that get auto-updates that might talk back to the mother ship. Or any of a host of other technical exposures. God forbid that any of this be run on Win10. That whole thing is built as an appendage to M$. Even Ubuntu gets auto-updates, though. Who knows what all they put in them? Keyloggers for the endpoints would be the obvious first step, for instance. Tails is cool because it doesn't leave tracks on the PC, and won't be sent anywhere else as long as the keylogger isn't part of the BIOS. But when was the last time you took apart your BIOS to see what all it does?
I stand by my statement that this system is not safe enough. Even the experts can't ensure their own safety. 'nuff said.
Anyway, have a good day! Thank you for making this a discussion rather than leaving it like someone was just launching a lecture.